With the proliferation of online activity in today’s uber-digitalised world, protecting data and preventing harmful personal information leaks has become a significant factor for every company globally. The ASEAN region is no exception, and recently ransomware attacks in Southeast Asia have become a growing concern. Even the smallest startups now have to take cybersecurity seriously to prevent cybercrime from devastating their firm.
Experts in the sector, CyberSecurity Ventures, state that preventing this issue will cost the world $6 trillion USD this year, rising to $10.5 trillion USD annually by 2025. With so much at stake, we wonder if companies in Southeast Asia are doing enough to protect themselves against ransomware attacks and other crimes?
Growing digital threats
As Southeast Asia embraces the digital era and countries such as Singapore, Vietnam, Thailand, and Malaysia see an increase in the number of startups setting up a business, protection against cybercrime becomes a priority. Ransomware attacks occur when a piece of malware is inserted into a system to encrypt the files, locking the owner out and demanding a fee to restore the files. Some data-hijackers also add the threat of releasing the stolen information on the internet, which is significantly damaging for a company that has stored sensitive or personal data.
We explore the role of graph data platform in preventing cyberattacks
Thankfully, in 2020, the number of cyberattacks on companies fell throughout the region, except in Singapore. The Cyber Security Agency of Singapore reports a 154% increase in ransomware attacks, with small to medium enterprises (SMEs) being the most attractive targets. SMEs from the manufacturing, retail and healthcare sectors seem to be bearing the brunt of this new crime wave, but all industries are potential targets.
It seems likely that Singapore is a favourable target for such attacks as it is a highly digitalised nation and has many APAC headquarters based in the city. However, it is not the most attacked country in the region. This dubious honour falls to Indonesia who ranks 5th in the world for the number of cyberattacks annually.
Unfortunately, many companies still do not know how to deal with the threat of an attack, prevent one or what to do if they become victims. Even at the smaller end of the commercial scale, businesses have a wealth of data and personal information stored on their company databases and online, making them low-hanging fruit for hackers or cybercriminals hoping to access this material.
Cybersecurity is increasingly the responsibility of all companies. They must take the initiative, especially those dealing with digital engagement and user records and data, to prevent hacks or leaks from occurring. It is no longer satisfactory to use the defence mechanism of “security through obscurity” as hackers are targeting SMEs and startups that lack the structural preparedness and organisational security measures and those larger, more established firms with the financial resilience to weather such an attack.
Preparing for and recovering from a cyber attack
While it is virtually impossible to completely secure all data against attacks, like the instance when Singapore’s SingHealth networks were hacked in 2018, there are some ways to mitigate the risks.
To proactively defend against ransomware, measures such as keeping up to date and patching software and operating systems are necessary. Furthermore, performing compromise assessments and implementing regular audits and security checks are a minimum requirement.
Working from the assumption that the company will become a target should help spur a recovery plan that includes SOPs for backing up data, storing it in a secure cloud service and detailed steps for recovery of data after an attack. It is also vital that company laptops or remote desktops are not connected to open public networks, which increases the likelihood of attack. Ensuring staff education about the risks to security and encouraging the use of secure VPNs can also help.
By implementing these basic recommendations, an SME can mitigate some of the risks and have plans in action to get back to business as quickly as possible after falling foul of a ransomware attack.
Companies can also increase their protection levels by investing more in cybersecurity measures with trained experts or managed security systems.
With everything for sale online these days, it is no surprise that illegally gleaned data, and the means to obtain it are available on the open market. A growing number of Ransomware-as-a-Service (RaaS) companies provide affiliates with the tools required to hack into systems, making it easier than ever for someone with a bit of knowledge to become a hacker.
Even if ransomware attacks in Southeast Asia decline in the coming years, cybersecurity will still be a hot topic even for startups and SMEs in the region. Cybercrime will continue to evolve, bringing challenges to companies and requiring them to find new ways to prevent attacks on their data. Startups must monitor the security of their systems and implement policies and proactive steps to avoid becoming victims of cyberattacks.